A serious data breach has shaken the Steam community, potentially affecting over 89 million user accounts. While Steam itself wasnโt directly hacked, a third-party vendor that Valve previously worked with has been compromised, and the stolen data could include usernames, passwords, 2FA logs, and more.
โ ๏ธ What Happened?
- ๐ฅ A hacker named โMachine1337โ posted on a darknet forum claiming access to 89+ million Steam records.
- ๐ The leak reportedly includes:
- Usernames and passwords
- Two-factor authentication (2FA) SMS logs
- Message metadata and delivery details
- ๐ง This breach was brought to light by security group Underdark AI via LinkedIn and further amplified by Reddit user Mellow_Online1.
๐งฉ How Did This Happen?
- ๐ข A third-party cloud service provider used by Valve, likely for SMS 2FA services, appears to be the breach source.
- โ๏ธ These services are common for handling 2FA verification messages, but this hack could allow malicious actors to:
- Intercept real 2FA codes
- Send spoofed or phishing messages
- Exploit reused credentials across platforms
๐ก๏ธ What Should You Do NOW?
- Change your Steam password immediately.
- Enable Steam Guard (two-factor authentication) if you havenโt already.
- NEVER trust a 2FA message you didnโt request.
- Avoid reusing passwords across websites โ leaked credentials are often used in credential stuffing attacks.
- Consider using a password manager to generate and store strong, unique passwords.
๐ Stay Alert
Valve has yet to issue an official statement, but given the scale of the breach, itโs crucial to act now. Always verify login attempts and be cautious of suspicious messages claiming to be from Steam or Valve.
